{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,14]],"date-time":"2026-04-14T16:10:56Z","timestamp":1776183056497,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":35,"publisher":"ACM","license":[{"start":{"date-parts":[[2006,10,30]],"date-time":"2006-10-30T00:00:00Z","timestamp":1162166400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100000038","name":"Natural Sciences and Engineering Research Council of Canada","doi-asserted-by":"publisher","award":["RGPN 227441"],"award-info":[{"award-number":["RGPN 227441"]}],"id":[{"id":"10.13039\/501100000038","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2006,10,30]]},"DOI":"10.1145\/1501434.1501479","type":"proceedings-article","created":{"date-parts":[[2009,2,4]],"date-time":"2009-02-04T13:02:04Z","timestamp":1233752524000},"page":"1-10","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":67,"title":["Alert correlation survey"],"prefix":"10.1145","author":[{"given":"Reza","family":"Sadoddin","sequence":"first","affiliation":[{"name":"University of New Brunswick, Fredericton, New Brunswick, Canada"}]},{"given":"Ali","family":"Ghorbani","sequence":"additional","affiliation":[{"name":"University of New Brunswick, Fredericton, New Brunswick, Canada"}]}],"member":"320","published-online":{"date-parts":[[2006,10,30]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"Proceedings: North American Fuzzy Information Processing Society International Conference on Soft Computing for Real World Applications","author":"Ambareen Siraj R. B. V.","year":"2005","unstructured":"R. B. V. Ambareen Siraj . 
Multi-level alert clustering for intrusion detection sensor data . In Proceedings: North American Fuzzy Information Processing Society International Conference on Soft Computing for Real World Applications , Ann Arbor, Michigan , June 2005 . R. B. V. Ambareen Siraj. Multi-level alert clustering for intrusion detection sensor data. In Proceedings: North American Fuzzy Information Processing Society International Conference on Soft Computing for Real World Applications, Ann Arbor, Michigan, June 2005."},{"key":"e_1_3_2_1_2_1","unstructured":"B. M. L. by Bugtraq. http:\/\/www.securityfocus.com\/bid\/bugtraqid\/.  B. M. L. by Bugtraq. http:\/\/www.securityfocus.com\/bid\/bugtraqid\/."},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1109\/DISCEX.2003.1194892"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.5555\/872016.872176"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.5555\/829514.830542"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.5555\/645838.670728"},{"key":"e_1_3_2_1_7_1","volume-title":"January","author":"Curry D.","year":"2003","unstructured":"D. Curry and H. Debar . Intrusion detection message exchange format: Extensible markup language (xml) document type definition , January 2003 . D. Curry and H. Debar. Intrusion detection message exchange format: Extensible markup language (xml) document type definition, January 2003."},{"key":"e_1_3_2_1_8_1","first-page":"1","volume-title":"Proceedings of the 2001 ACM Workshop on Data Mining for Security Applications","author":"Dain O.","year":"2001","unstructured":"O. Dain and R. Cunningham . Fusing heterogeneous alert streams into scenarios . In Proceedings of the 2001 ACM Workshop on Data Mining for Security Applications , pages 1 -- 13 , 2001 . O. Dain and R. Cunningham. Fusing heterogeneous alert streams into scenarios. 
In Proceedings of the 2001 ACM Workshop on Data Mining for Security Applications, pages 1--13, 2001."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-45474-8_6"},{"key":"e_1_3_2_1_10_1","volume-title":"Statl: An attack language for state-based intrusion detection","author":"Eckmann S.","year":"2002","unstructured":"S. Eckmann , G. Vigna , and R. Kemmerer . Statl: An attack language for state-based intrusion detection , 2002 . S. Eckmann, G. Vigna, and R. Kemmerer. Statl: An attack language for state-based intrusion detection, 2002."},{"key":"e_1_3_2_1_11_1","volume-title":"December","year":"1997","unstructured":"Fyodor. The art of port scanning , December 1997 . http:\/\/www.insecure.org\/nmap\/. Fyodor. The art of port scanning, December 1997. http:\/\/www.insecure.org\/nmap\/."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/950191.950192"},{"key":"e_1_3_2_1_14_1","volume-title":"Naval Research Laboratory","author":"Landwehr C. E.","year":"1993","unstructured":"C. E. Landwehr , A. R. Bull , J. P. McDermott , and W. S. Choi . A taxonomy of computer program security flaws, with examples. Technical report , Naval Research Laboratory , November 1993 . C. E. Landwehr, A. R. Bull, J. P. McDermott, and W. S. Choi. A taxonomy of computer program security flaws, with examples. Technical report, Naval Research Laboratory, November 1993."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.5555\/882493.884387"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1016\/S1389-1286(00)00138-9"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-45248-5_6"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.5555\/1754701.1754711"},{"key":"e_1_3_2_1_19_1","volume-title":"Constructing attack scenarios through correlation of intrusion alerts","author":"Ning P.","year":"2002","unstructured":"P. Ning , Y. Cui , and D. Reeves . 
Constructing attack scenarios through correlation of intrusion alerts , 2002 . P. Ning, Y. Cui, and D. Reeves. Constructing attack scenarios through correlation of intrusion alerts, 2002."},{"key":"e_1_3_2_1_20_1","volume-title":"NDSS","author":"Ning P.","year":"2004","unstructured":"P. Ning , D. Xu , C. G. Healey , and R. S. Amant . Building attack scenarios through integration of complementary alert correlation method . In NDSS , 2004 . P. Ning, D. Xu, C. G. Healey, and R. S. Amant. Building attack scenarios through integration of complementary alert correlation method. In NDSS, 2004."},{"key":"e_1_3_2_1_21_1","volume-title":"Using adaptive alert classification to reduce false positives in intrusion detection","author":"Pietraszek T.","year":"2004","unstructured":"T. Pietraszek . Using adaptive alert classification to reduce false positives in intrusion detection , 2004 . T. Pietraszek. Using adaptive alert classification to reduce false positives in intrusion detection, 2004."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.5555\/1754701.1754710"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSAC.2004.7"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1007\/11427995_18"},{"key":"e_1_3_2_1_27_1","volume-title":"Proceedings of the sixth Nordic Workshop on Secure IT systems (NordSec2001)","author":"Svensson H.","year":"2001","unstructured":"H. Svensson and A. Josang . Correlation of intrusion alarms with subjective logic . In Proceedings of the sixth Nordic Workshop on Secure IT systems (NordSec2001) , Copenhagen, Denmark, November 2001 . H. Svensson and A. Josang. Correlation of intrusion alarms with subjective logic. 
In Proceedings of the sixth Nordic Workshop on Secure IT systems (NordSec2001), Copenhagen, Denmark, November 2001."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/366173.366187"},{"key":"e_1_3_2_1_29_1","first-page":"209","volume-title":"SEC","author":"Totel E.","year":"2004","unstructured":"E. Totel , B. Vivinis , and L. M\u00e9 . A language driven ids for event and alert correlation . In SEC , pages 209 -- 224 , 2004 . E. Totel, B. Vivinis, and L. M\u00e9. A language driven ids for event and alert correlation. In SEC, pages 209--224, 2004."},{"key":"e_1_3_2_1_30_1","volume-title":"Modeling Computer Attacks: An Ontology for Intrusion Detection. In The Sixth International Symposium on Recent Advances in Intrusion Detection. Springer","author":"Undercoffer J. L.","year":"2003","unstructured":"J. L. Undercoffer , A. Joshi , and J. Pinkston . Modeling Computer Attacks: An Ontology for Intrusion Detection. In The Sixth International Symposium on Recent Advances in Intrusion Detection. Springer , September 2003 . J. L. Undercoffer, A. Joshi, and J. Pinkston. Modeling Computer Attacks: An Ontology for Intrusion Detection. In The Sixth International Symposium on Recent Advances in Intrusion Detection. Springer, September 2003."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.5555\/645839.670734"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2004.21"},{"key":"e_1_3_2_1_33_1","unstructured":"C. Vulnerabilities and Exposures. http:\/\/www.cve.mitre.org\/.  C. Vulnerabilities and Exposures. http:\/\/www.cve.mitre.org\/."},{"issue":"2","key":"e_1_3_2_1_34_1","first-page":"73","article-title":"Statistical causality analysis of infosec alert data","volume":"2820","author":"Xinzhou Qin W. L.","year":"2003","unstructured":"W. L. Xinzhou Qin . Statistical causality analysis of infosec alert data . Lecture Notes in Computer Science , 2820 ( 2 ): 73 -- 93 , 2003 . W. L. Xinzhou Qin. 
Statistical causality analysis of infosec alert data. Lecture Notes in Computer Science, 2820(2):73--93, 2003.","journal-title":"Lecture Notes in Computer Science"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-24852-1_33"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/1167253.1167289"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSAC.2004.29"},{"issue":"2","key":"e_1_3_2_1_38_1","first-page":"244","article-title":"Alert correlation for extracting attack strategies","volume":"3","author":"Zhu B.","year":"2006","unstructured":"B. Zhu and A. A. Ghorbani . Alert correlation for extracting attack strategies . International Journal of Network Security , 3 ( 2 ): 244 -- 258 , 2006 . B. Zhu and A. A. Ghorbani. Alert correlation for extracting attack strategies. International Journal of Network Security, 3(2):244--258, 2006.","journal-title":"International Journal of Network Security"}],"event":{"name":"PST06: International Conference on Privacy, Security and Trust","location":"Markham Ontario Canada","acronym":"PST06","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1501434.1501479","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1501434.1501479","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T15:06:40Z","timestamp":1750259200000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1501434.1501479"}},"subtitle":["framework and 
techniques"],"short-title":[],"issued":{"date-parts":[[2006,10,30]]},"references-count":35,"alternative-id":["10.1145\/1501434.1501479","10.1145\/1501434"],"URL":"https:\/\/doi.org\/10.1145\/1501434.1501479","relation":{},"subject":[],"published":{"date-parts":[[2006,10,30]]},"assertion":[{"value":"2006-10-30","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}